[Samba] Re: Group Policy for Win2k/XP

2003-06-27 Thread Dragan Krnic
The thing that I have been having great difficulty 
understanding, and this could be because of lack of 
Windows knowledge but bear with me, is how you can 
have DIFFERENT policy files based on... well, 
anything.

Shouldn't it be possible to add some macros like %m
to the path = parameter in [netlogon] stanza? I
haven't used the trick myself, but it sounds like
this is what you really want:

   [netlogon]
      path = /local/%m/netlogon
      write list = root
      browseable = No

I know group support is limited... how about even 
based on NetBIOS name as I can easily get that from 
%m at least. I know, for example, the profile of a 
Win2k machine will be located in 
\\SERVER\NETLOGON\Default Profile, but what if
I want to have one for lab PC's and one for Office 
PC's, and for some remote sites, none at all, just 
authentication? I know how to implement policies per 
user, too, but I don't want to have to login as the 

Now that you mention it, can you share some of your
experiences? Which tool do you use? What is your
typical set of rules?

This is one area where I'm still having problems.
When a PC is added to a samba domain DOM I can see
that the local Administrators group gets a new member
DOM\Administrators and the Local Users group gets
DOM\Users. Everyone who can authenticate himself as
a DOM\User can use the PC. However, there is very
little they can do with their own environment. They
can't change the Wallpaper, they can't change Explorer
properties, the mounted shares are not carried forward
to a new session etc. Even if I add DOM\Users to the
group of local Power Users, no further privileges can
be seen.

So how do you set up such things with the group
policies?

user, set the policy and then save the policy and log 
out. How can I apply a policy to a user based on some 
arbitrary information? Is the logon script early
enough to do some work behind the scenes to symlink 
the proper files into the right place, or... am I 
totally off track here? I'm sure this is something 
everyone does, but I can't for the life of me figure 
out the way to make this stuff apply to different users differently.

If privileges are right, you can do much with the
logon script (which is in [netlogon]). If you
configure the path to be dependent upon both %m
and %u then you can use links to set up any 
combination of machines getting their own profiles
and users getting their profiles too.



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
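
One way to prepare the server side of the `path = /local/%m/netlogon` suggestion in the message above, as an added example that is not part of the thread: a script that links each machine's directory to a shared class tree (lab, office). The `.class` layout, the map format and the machine names are assumptions made for illustration; a machine absent from the map gets no tree.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed layout: real files live in
# $base/.class/<class>/netlogon; each machine directory links to one class.

# %m comes from the client, so only plain NetBIOS-style names (max 15 chars,
# no "/" or ".") may ever become part of a server-side path.
valid_name() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Constructed sample map, one "machine class" pair per line.
sample_map() {
    cat <<'EOF'
# machine   class
LAB-PC01    lab
lab-pc02    lab
FRONTDESK   office
../../etc   lab
EOF
}

# build_tree BASE MAPFILE: create class directories and per-machine links.
# Prints the number of machines linked; rejected entries go to stderr.
build_tree() {
    base=$1; map=$2; linked=0
    while read -r machine class; do
        case "$machine" in ''|'#'*) continue ;; esac
        if ! valid_name "$machine" || ! valid_name "$class"; then
            echo "rejected: $machine $class" >&2
            continue
        fi
        # Assumption: %m expands lower-cased; verify on your Samba version.
        machine=$(printf '%s' "$machine" | tr 'A-Z' 'a-z')
        mkdir -p "$base/.class/$class/netlogon" "$base/$machine"
        ln -sfn "../.class/$class/netlogon" "$base/$machine/netlogon"
        linked=$((linked + 1))
    done < "$map"
    echo "$linked"
}

# Usage: sh build_netlogon.sh /local machines.map
if [ "$#" -eq 2 ]; then build_tree "$1" "$2"; fi
```

The same layout extends to a path containing both %m and %u by adding a per-user level under each machine directory and validating user names the same way.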


[Samba] Re: Group Policy for Win2k/XP

2003-06-26 Thread admir
What server are you using for your users to log in?

Is it samba or win2000? If it is samba then take a look at samba howto head
3 at samba.org. It is telling you there how to change registry for machines
to set different path for profile and policy updates. If you are using
win2000 server just install active directory and look at Microsoft.com for
info how to deploy security and policy settings in Active Directory.

I have not done this in a long time. That is all I can tell you for now.

regards,

Admir

Ryan Novosielski [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
 Sorry to re-send, but I think this may have gotten missed last time,
 possibly because of the inaccurate subject line. Can someone throw me a
 bone here? I am very lost as far as this one part of the administration
 goes.

 Thanks for any help you can provide!

 The thing that I have been having great difficulty understanding, and this
 could be because of lack of Windows knowledge but bear with me, is how you
 can have DIFFERENT policy files based on... well, anything. I know group
 support is limited... how about even based on NetBIOS name as I can easily
 get that from %m at least. I know, for example, the profile of a Win2k
 machine will be located in \\SERVER\NETLOGON\Default Profile, but what if
 I want to have one for lab PC's and one for Office PC's, and for some
 remote sites, none at all, just authentication? I know how to implement
 policies per user, too, but I don't want to have to login as the user, set
 the policy and then save the policy and log out. How can I apply a policy
 to a user based on some arbitrary information? Is the logon script early
 enough to do some work behind the scenes to symlink the proper files into
 the right place, or... am I totally off track here? I'm sure this is
 something everyone does, but I can't for the life of me figure out the way
 to make this stuff apply to different users differently.

 PS: This information would be EXCEEDINGLY helpful to have in the HOWTO.
 The O'Reilly book covers it a little, but... not that much either.

  _  _ _  _ ___  _  _  _
 |Y#| |  | |\/| |  \ |\ |  |  | Ryan Novosielski - Jr. UNIX Systems Admin
 |$| |__| |  | |__/ | \| _|  | [EMAIL PROTECTED] - 973/972.0922 (2-0922)
 \__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630



Re: [Samba] Re: Group Policy for Win2k/XP

2003-06-26 Thread Ryan Novosielski
I am logging into a Samba server on an HP9000. I read the HOWTO that John
has been recommended (chapter 18) multiple times, but I think pieces are
missing in the explanation for this stuff, unless I'm just inept. ;)

 _  _ _  _ ___  _  _  _
|Y#| |  | |\/| |  \ |\ |  |  | Ryan Novosielski - Jr. UNIX Systems Admin
|$| |__| |  | |__/ | \| _|  | [EMAIL PROTECTED] - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630



Re: [Samba] Re: Group Policy for Win2k/XP

2003-06-26 Thread Admir
OK, let's go through your question again.

You want to have a profile for two different machines.
One for lab and one for office?

Is the same user going to be logging in on both machines?

If that is so then I suggest you don't use profiles but use system policy.

To do that you really need poledit program from win NT 4 SERVER! cd-rom.

If I am not right, can you explain to me the exact situation and why you
need multiple profiles for different users.

I also know that when you are using roaming profiles on different machines
you get some msg's like there is no program found for shortcuts. That kind
of stuff.

You have to tell me exactly why you want this?

Regards,

Admir






